hub / github.com/grpc/grpc-go / TestServerCredsProviderSwitch

Method TestServerCredsProviderSwitch

credentials/xds/xds_server_test.go:430–526  ·  view source on GitHub ↗
(t *testing.T)


428}
429
430func (s) TestServerCredsProviderSwitch(t *testing.T) {
431 opts := ServerOptions{FallbackCreds: &errorCreds{}}
432 creds, err := NewServerCredentials(opts)
433 if err != nil {
434 t.Fatalf("NewServerCredentials(%v) failed: %v", opts, err)
435 }
436 ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
437 defer cancel()
438
439 // The first time the handshake function is invoked, it returns a
440 // HandshakeInfo which is expected to fail. Further invocations return a
441 // HandshakeInfo which is expected to succeed.
442 cnt := 0
443 // Create a test server which uses the xDS server credentials created above
444 // to perform TLS handshake on incoming connections.
445 ts := newTestServerWithHandshakeFunc(ctx, func(rawConn net.Conn) handshakeResult {
446 cnt++
447 var hi *xdsinternal.HandshakeInfo
448 if cnt == 1 {
449 // Create a HandshakeInfo which has a root provider which does not match
450 // the certificate sent by the client.
451 hi = xdsinternal.NewHandshakeInfo(makeRootProvider(t, "x509/server_ca_cert.pem"), makeIdentityProvider(t, "x509/client2_cert.pem", "x509/client2_key.pem"), nil, true, "", false, false)
452
453 // Create a wrapped conn which can return the HandshakeInfo and
454 // configured deadline to the xDS credentials' ServerHandshake()
455 // method.
456 conn := newWrappedConn(rawConn, hi, time.Now().Add(defaultTestTimeout))
457
458 // ServerHandshake() on the xDS credentials is expected to fail.
459 if _, _, err := creds.ServerHandshake(conn); err == nil {
460 return handshakeResult{err: errors.New("ServerHandshake() succeeded when expected to fail")}
461 }
462 return handshakeResult{}
463 }
464
465 hi = xdsinternal.NewHandshakeInfo(makeRootProvider(t, "x509/client_ca_cert.pem"), makeIdentityProvider(t, "x509/server1_cert.pem", "x509/server1_key.pem"), nil, true, "", false, false)
466
467 // Create a wrapped conn which can return the HandshakeInfo and
468 // configured deadline to the xDS credentials' ServerHandshake()
469 // method.
470 conn := newWrappedConn(rawConn, hi, time.Now().Add(defaultTestTimeout))
471
472 // Invoke the ServerHandshake() method on the xDS credentials
473 // and make some sanity checks before pushing the result for
474 // inspection by the main test body.
475 _, ai, err := creds.ServerHandshake(conn)
476 if err != nil {
477 return handshakeResult{err: fmt.Errorf("ServerHandshake() failed: %v", err)}
478 }
479 if ai.AuthType() != "tls" {
480 return handshakeResult{err: fmt.Errorf("ServerHandshake returned authType %q, want %q", ai.AuthType(), "tls")}
481 }
482 info, ok := ai.(credentials.TLSInfo)
483 if !ok {
484 return handshakeResult{err: fmt.Errorf("ServerHandshake returned authInfo of type %T, want %T", ai, credentials.TLSInfo{})}
485 }
486 return handshakeResult{connState: info.State}
487 })

Callers

nothing calls this directly

Calls 15

NewServerCredentialsFunction · 0.85
newWrappedConnFunction · 0.85
makeClientTLSConfigFunction · 0.85
compareConnStateFunction · 0.85
NowMethod · 0.80
makeRootProviderFunction · 0.70
makeIdentityProviderFunction · 0.70
FatalfMethod · 0.65
AddMethod · 0.65
ServerHandshakeMethod · 0.65
ErrorfMethod · 0.65

Tested by

no test coverage detected